cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4144
Views
25
Helpful
4
Replies

Linux root access to ISE 2.6 and ISE 3.0

The TAC engineer used these two files to gain root access to my ISE 2.6

 

RootKeyv45-appbundle-1.0-x86_64.tar.gz

RootPatch-appbundle-1.4.SSA_NOT_FOR_RELEASE_1.x86_64.tar.gz

 

I installed these two files on another ISE 2.6 and I got root access.

 

Questions:

1- Is there a time limit on how long these two files will stay valid?  For example, if I install these two files on another ISE 2.6 a year from now, will it still work?

 

2- Can you also install these two files on ISE 3.0 and expect it to work?

 

FYI:  Look like ISE version 2.6 use Redhat 7.5

 

ade # cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.5 (Maipo)
ade #

4 Replies 4

ComputerRick
Cisco Employee
Cisco Employee

No, the files will timeout after installation, and the key file is only valid for 90 days at a time.  As of ISE 2.7, those file will not work, root access requires a token generated by Cisco TAC. 

 

Root access is limited because ISE is a security product granting network access and control.  Due to the scope and possible impact while in root, it's advised that root is only accessed while being supervised by TAC engineers. 

Cisco does not provide root access for customer ISE deployments unless used specifically by the TAC or BE for troubleshooting or providing patches to the customer ISE deployment.  Root access is carefully monitored and is to be used by the TAC or BE only.”

 

Kasper Elsborg
Level 1
Level 1

hi adamscottmaster2013

After installing the two appbundles, how did you enter root access?

Cheers Kasper

Root access is strictly for TAC use.
Customers are not allowed to access ISE root shell.

If any workaround need to be executed from root then open TAC case.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: